Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains

US 8,340,296 B2
Filed: 01/20/2004
Issued: 12/25/2012
Est. Priority Date: 01/20/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, comprising:

a smart card for storing a first certificate of a first domain;

a terminal located in a second domain to transmit a certification response using the first certificate of the smart card and to transmit a second certificate of the second domain to the smart card with respect to the transmitted certification response; and

a second certification authority located in the second domain,wherein the second certification authority transmits its own public key to the terminal, and the terminal transmits the public key of the second certification authority to the smart card, and the smart card verifies the terminal by verifying the second certificate by using the public key of the second certification authority,wherein the first domain is different from the second domain, andwherein the second certification authority verifies the certification response transmitted through the terminal, creates the second certificate to be stored in the smart card and transmits the created second certificate to the terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a method and system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, which allows a user moving between domains to have a smart card certified in a terminal located in an external domain other than a home domain. According to the present invention, when a user wants his/her own smart card to be certified in a terminal of an external domain, a certification authority of the external domain can certify the smart card using a certificate stored in the smart card and signed electronically by a certification authority of a home domain. Additionally, a new certificate issued by the certification authority of the external domain is stored in the certified smart card, so that a certificate of the moving user can be verified regardless of domains and a new certificate of a moved domain can be easily obtained.

25 Citations

View as Search Results

18 Claims

1. A system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, comprising:
- a smart card for storing a first certificate of a first domain;
  
  a terminal located in a second domain to transmit a certification response using the first certificate of the smart card and to transmit a second certificate of the second domain to the smart card with respect to the transmitted certification response; and
  
  a second certification authority located in the second domain,wherein the second certification authority transmits its own public key to the terminal, and the terminal transmits the public key of the second certification authority to the smart card, and the smart card verifies the terminal by verifying the second certificate by using the public key of the second certification authority,wherein the first domain is different from the second domain, andwherein the second certification authority verifies the certification response transmitted through the terminal, creates the second certificate to be stored in the smart card and transmits the created second certificate to the terminal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as set forth in claim 1, further comprisinga first certification authority located in the first domain and connected to the second certification authority through a network to verify the certification response transmitted from the second certification authority through the network and to transmit a verification result to the second certification authority;
    - wherein the verification of the certification response from the second certification authority is performed depending upon the verification result of the first certification authority.
  - 3. The system as set forth in claim 1, wherein the transmitted second certificate is stored in the smart card.
  - 4. The system as set forth in claim 1, wherein a private key for the stored certificate is stored in the smart card.
  - 5. The system as set forth in claim 1, wherein a public key for the stored certificate is stored in the smart card.
  - 6. The system as set forth in claim 1, wherein the first domain includes a first certification authority which issues the first certificate, and the second domain includes a second certification authority which issues the second certificate.

7. A system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, comprising:
- a smart card for storing a first certificate of a first domain;
  
  a first terminal located in the first domain to transmit a certification response using the first certificate stored in the smart card and to transmit a second certificate of a second domain to the smart card with respect to the transmitted certification response; and
  
  a second certification authority located in the second domain,wherein the second certification authority transmits its own public key to a first certification authority in the first domain, and the first certification authority transmits the public key of the second certification authority to the first terminal, and the first terminal transmits the public key of the second certification authority to the smart card, and the smart card verifies a second terminal in the second domain by verifying the second certificate by using the transmitted public key of the second certification authority,a first certification authority located in the first domain to verify the certification response transmitted through the first terminal and to transmit the second certificate to be stored in the smart card to the first terminal,wherein the first domain is different from the second domain.
- View Dependent Claims (8)
- - 8. The system as set forth in claim 7, wherein the second certification authority connected to the first certification authority through a network creates the second certificate and transmits the second certificate to the first certification authority in response to a certification request of the first certification authority.

9. A method for registering and verifying a smart card certificate for users moving between public key infrastructure domains, comprising the steps of:
- a user accessing a terminal located in a second domain using a smart card in which a first certificate of a first certification authority is stored;
  
  the smart card transmitting a certification response to a certification request of the terminal using the first certificate of the smart card to the terminal;
  
  the terminal transmitting the certification response of the smart card to a second certification authority located in the second domain; and
  
  the terminal transmitting a second certificate of the second certification authority transmitted from the second certification authority to the smart card in response to the transmitted certification response,wherein, the step of the terminal transmitting the second certificate of the second certification authority comprises the steps of;
  
  the second certification authority transmitting its own public key to the terminal;
  
  the terminal transmitting the public key of the second certification authority to the smart card; and
  
  the smart card verifying the terminal by verifying the second certificate by using the public key of the second certification authority,wherein the first domain is different from the second domain,wherein the step of the smart card transmitting the certification response comprises the steps of;
  
  the terminal transmitting a certification request message to the smart card; and
  
  the smart card electronically signing the certification request message, and transmitting the certification response including the signed certification request message and the first certificate to the terminal.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method as set forth in claim 9, wherein the step of the terminal transmitting the second certificate of the second certification authority comprises the steps of:
    - the second certification authority verifying the transmitted certification response;
      
      the second certification authority creating the second certificate to be stored in the certified smart card, and transmitting the created second certificate to the terminal; and
      
      the terminal transmitting the transmitted second certificate to the smart card.
  - 11. The method as set forth in claim 10, wherein the step of the second certification authority verifying the transmitted certification response comprises the steps of:
    - the second certification authority transmitting the certification response transmitted from the smart card to the first certification authority located in the first domain and connected to the second certification authority through a network; and
      
      the first certification authority verifying the certification response and transmitting a verification result to the second certification authority.
  - 12. The method as set forth in claim 9, wherein the transmitted second certificate is stored in the smart card.
  - 13. The method as set forth in claim 9, wherein a private key for the stored certificate is stored in the smart card.

14. A method for registering and verifying a smart card certificate for users moving between public key infrastructure domains, comprising the steps of:
- a user accessing a first terminal located in a first domain using a smart card in which a first certificate of the first domain is stored;
  
  the smart card transmitting a certification response to a certification request of the first terminal using the first certificate of the smart card to the first terminal;
  
  the first terminal transmitting the certification response of the smart card to the first certification authority located in the first domain;
  
  the first terminal transmitting a second certificate of a second certification authority transmitted from the first certification authority to the smart card in response to the transmitted certification response,the second certification authority transmitting its own public key to the first certification authority;
  
  the first certification authority transmitting the public key of the second certification authority to the first terminal;
  
  the first terminal transmitting the public key of the second certification authority to the smart card; and
  
  the smart card verifying a second terminal by verifying the second certificate by using the transmitted public key of the second certification authority,wherein the first domain is different from a second domain,wherein the step of the smart card transmitting the certification response comprises the steps of;
  
  the first terminal transmitting a certification request message to the smart card; and
  
  the smart card electronically signing an electronic signature to the certification request message, and transmitting the certification response including the signed certification request message and the first certificate to the first terminal.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method as set forth in claim 14, wherein the step of the first terminal transmitting the second certificate of the second domain comprises the steps of:
    - the first certification authority verifying the transmitted certification response;
      
      the first certification authority requesting a second certificate to be stored in the verified smart card from a second certification authority located in the second domain;
      
      the second certification authority creating the second certificate and transmitting the created second certificate to the first certification authority;
      
      the first certification authority transmitting the transmitted second certificate to the first terminal; and
      
      the first terminal transmitting the transmitted second certificate to the smart card.
  - 16. The method as set forth in claim 14, further comprising the steps of:
    - the smart card storing the transmitted second certificate;
      
      the smart card accessing a second terminal of the second domain;
      
      the second terminal transmitting a certification request message to the smart card;
      
      the smart card electronically signing the certification request message and transmitting a certification response including the signed certification request message and the stored second certificate to the second terminal; and
      
      the second terminal verifying the certification response using a public key of the second certification authority.
  - 17. The method as set forth in claim 14, wherein the transmitted second certificate is stored in the smart card.
  - 18. The method as set forth in claim 14, wherein a private key for the stored certificate is stored in the smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Byung-rae, Chang, Kyung-ah
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Schmidt, Kari

Application Number

US10/759,271
Publication Number

US 20040144840A1
Time in Patent Office

3,262 Days
Field of Search

380/277, 380/235, 380/279, 380/283, 235/380, 713/155, 713/156, 713/157, 713/170, 713/173, 713/186, 713/193, 705/64, 705/67, 705/51, 238/380
US Class Current

380/277
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links